Building a case for bug bounty programs
Bug bounty programs have emerged as a powerful tool in the cybersecurity arsenal, empowering organizations to proactively identify and resolve vulnerabilities before they can be…
Category: Mix
HackerOne Company Values Matter: Respect All People
At HackerOne, our company values – Default to Disclosure, Respect All People, Win as a Team, Lead with Integrity, and Execute with Excellence – reflect…
Recap: Experts Break Down AI Red Teaming in a Live Q&A
The participants answered live as well as carefully curated questions from popular community platforms such as Quora, Reddit, LinkedIn, and Zoom. Below is a quick…
New VDP Guidance UK Smart Products [3 Requirements]
New security regulations for connected devices and related guidance enter into force in the United Kingdom at the end of April. The UK Product Security and Telecommunications…
Spoutible Enhances Platform Security through Partnership with Wallarm
Spoutible, the rapidly growing social media platform known for its commitment to fostering a safe, inclusive, and respectful online community, has taken a significant step…
Efficient Security Principle (ESP)
One of the hardest things about being in information security is the frustration. The longer you’re in the field the more you’re exposed to ridiculously…
Top 4 Industries at Risk of Credential Stuffing and Account Takeover (ATO) attacks
All industries are at risk of credential stuffing and account takeover (ATO) attacks. However, some industries are at a greater risk because of the sensitive…
What Is an Information Disclosure Vulnerability? [Examples]
HackerOne’s 7th Annual Hacker-Powered Security Report states that information disclosure is the third most common vulnerability reported in both bug bounty and pentest. It makes up…
Revolutionizing healthcare security: moving beyond pentesting
The healthcare sector remains a prime target for cybercriminals, with 90% of healthcare institutions experiencing at least one security breach in the last few years. And…
Keep Hackers Out of Your Kubernetes Cluster with These 5 Simple Tricks!
Securing Kubernetes clusters may feel overwhelming, as it’s often challenging to prioritize security investments and focus on what matters. In this post, we review real-world…
Two different IDOR bugs at mijn.VvAA.nl lead to potential access to data of 130k healthcare providers; including their own cyber risk insurance policy documents and more. | by Jonathan Bouman | Mar, 2024
Today we are going to have a close look at the VvAA, it’s one of the biggest insurance and consulting companies used by doctors and…
Misconfigured API endpoint on portal.skge.nl leaks PII data of registered healthcare providers | by Jonathan Bouman | Mar, 2024
Ransomware attacks in healthcare are our biggest threat according to the annual report of Z-Cert.nl. In this report it’s mentioned that the vendors of the…